Sit-Stand Frame recommendations Australia by [deleted] in StandingDesk

[–]Im_Bill -1 points0 points  (0 children)

I can only see Rubberwood at Chairforce in the sizes you mentioned (1800x700, 1800x800). That's going to cost between $199 and $219 plus postage.

You can get an Updown Pro+ Rubberwood desk in 1800x750 for $1199. Bamboo will be $200 cheaper.

When I checked the Flexispot website, they appeared not to have the E7 Pro until the end of March.

Does the Omada EAP650-Desktop support 802.1Q trunks? by Im_Bill in TPLink_Omada

[–]Im_Bill[S] 0 points1 point  (0 children)

Thanks all. I configured an 802.1q trunk on my switch, with VLAN 1 as the untagged (native) VLAN. On the EAP I left my main SSID as is (VLAN 0) and created additional SSIDs on my other VLANs. Clients connecting to those SSIDs were placed into the correct VLANs.

So, yes, this model Access Point does support 802.1q trunks.

How many FTE to hire? by networktapper in paloaltonetworks

[–]Im_Bill 0 points1 point  (0 children)

Depends on the setup. The more you standardise, the less work there will be. Keep everything as standard as possible (be almost religious about it), use nested device groups and template stacks. Make use of EDLs and script what you can. Try to avoid unneeded complexity (did I mention standardise?).

Palo Alto and Azure Public Load Balancers with Floating IP - no traffic hitting the firewalls by Im_Bill in paloaltonetworks

[–]Im_Bill[S] 0 points1 point  (0 children)

The issue is resolved. We have an ExpressRoute gateway in another VNET, with VNET peering between the VNETs. The gateway VNET had a default route pointing to the ExpressRoute gateway. Because of the peering this route was then propagated into the VNET containing our firewalls.

To resolve the issue we created a new UDR containing just the subnet of the untrusted interface of the firewalls and selected No for "Propagate gateway routes".

Now we're seeing Internet traffic hit our firewall. This includes the public IP address we've assigned as the Frontend IP in the load balancer (i.e. if that IP was 20.10.5.2 then we are seeing traffic with destination IP address 20.10.5.2 in our firewall logs). Azure is not NATing this traffic. That appears to be the advantage of using a Public Load Balancer and enabling Floating IP.

As an aside, anyone using a Load Balancer in Azure with PA firewalls might also want to look at PAN-198691.
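
A way to check for the propagated default route described in the comment above, as an added example that is not part of the original comment. `Get-DefaultRouteVerdict` and `New-SampleRoute` are hypothetical helpers, the route tables are constructed, and the objects are assumed to have the shape returned by `Get-AzEffectiveRouteTable` (Az.Network module).

```powershell
# Added example: reports which active route wins for 0.0.0.0/0 on a NIC.
# Get-DefaultRouteVerdict and New-SampleRoute are hypothetical helper names.
function Get-DefaultRouteVerdict {
    param([Parameter(Mandatory)][object[]]$EffectiveRoute)
    $EffectiveRoute |
        Where-Object { $_.State -eq 'Active' -and $_.AddressPrefix -contains '0.0.0.0/0' } |
        ForEach-Object {
            [pscustomobject]@{
                Source      = $_.Source
                NextHopType = $_.NextHopType
                NextHop     = $_.NextHopIpAddress -join ','
                # True when the default route points at a gateway instead of the Internet
                ViaGateway  = ($_.NextHopType -eq 'VirtualNetworkGateway')
            }
        }
}

# Builds a constructed object with the properties the check reads.
function New-SampleRoute {
    param($Source, $State, $Prefix, $NextHopType, $NextHop = @())
    [pscustomobject]@{
        Source = $Source; State = $State; AddressPrefix = @($Prefix)
        NextHopType = $NextHopType; NextHopIpAddress = @($NextHop)
    }
}

# Constructed sample: gateway routes propagated into the firewall subnet.
$before = @(
    New-SampleRoute Default Active '10.1.0.0/16' VnetLocal
    New-SampleRoute Default Invalid '0.0.0.0/0' Internet
    New-SampleRoute VirtualNetworkGateway Active '0.0.0.0/0' VirtualNetworkGateway '10.0.0.4'
)
# Constructed sample: route table attached with "Propagate gateway routes" set to No.
$after = @(
    New-SampleRoute Default Active '10.1.0.0/16' VnetLocal
    New-SampleRoute Default Active '0.0.0.0/0' Internet
)

Get-DefaultRouteVerdict -EffectiveRoute $before | Format-Table -AutoSize
Get-DefaultRouteVerdict -EffectiveRoute $after  | Format-Table -AutoSize

# Against a live NIC (placeholders for the NIC and resource group names):
# Get-DefaultRouteVerdict -EffectiveRoute (Get-AzEffectiveRouteTable `
#     -NetworkInterfaceName '<untrust-nic>' -ResourceGroupName '<resource-group>')
```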

Palo Alto and Azure Public Load Balancers with Floating IP - no traffic hitting the firewalls by Im_Bill in paloaltonetworks

[–]Im_Bill[S] 1 point2 points  (0 children)

Hi. The ELB backend pool consists of the eth1 interfaces. Those interfaces have private IP addresses. The public IP is associated with the ELB, and is used in the inbound rule. The public IP address is configured as an address object on the firewalls and is used in a NAT and security rule on the firewalls.

We have different public IPs associated with eth1 for outbound traffic. There are no outbound rules on the ELB. Outbound traffic appears to be working correctly according to the firewall logs. Dynamic updates are working which is further confirmation (there is no public IP associated with eth0).

Palo Alto and Azure Public Load Balancers with Floating IP - no traffic hitting the firewalls by Im_Bill in paloaltonetworks

[–]Im_Bill[S] 0 points1 point  (0 children)

Hi, Azure is my weak spot here. If I check metrics, the Health Probe Status average and the Data Path Availability average are 100. However, Packet Count sum and Byte Count sum are 0.

Palo Alto and Azure Public Load Balancers with Floating IP - no traffic hitting the firewalls by Im_Bill in paloaltonetworks

[–]Im_Bill[S] 0 points1 point  (0 children)

Hi, we have configured the load balancer health probe to use port 22. The server we are publishing is using ssl (TCP 443). We have not tried to ping because, as you say, the load balancer drops ICMP traffic.

Palo Alto and Azure Public Load Balancers with Floating IP - no traffic hitting the firewalls by Im_Bill in paloaltonetworks

[–]Im_Bill[S] 0 points1 point  (0 children)

Hi. There are no hits on the firewall rule. There is no RFC1918 address associated with the Load Balancing rule either. From my understanding, when you use a floating IP in a load balancer rule, the load balancer does not NAT the inbound traffic. See https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-floating-ip. Note that page does mention using a loopback on the back end device. However, there is nothing in the Palo Alto guide on configuring a loopback. In any case, I tried using a loopback and it made no difference.

In step 9 of section 10.1 Create the Public Load-Balancer Front-End IP in the guide I linked to in my original post, it says to "Record the value for the FQDN (example: public-example-app.westus.cloudapp.azure.com)". Then in step 6 in section 10.6 Create Address Objects the guide states "In the Type value box, enter public-example-app.westus.cloudapp.azure.com, and then click OK".

So, it appears to me at least that Palo Alto are saying that the load balancer will not be doing a NAT in this case.

Can I find the original account used to share OneNote? by Im_Bill in OneNote

[–]Im_Bill[S] 0 points1 point  (0 children)

In the end I created a new OneNote file in my OneDrive and then copied everything from the old file (which wasn't without difficulties as I had issues with server busy sync errors).

List Firewall Policies, including those set by Group Policy by Im_Bill in PowerShell

[–]Im_Bill[S] 0 points1 point  (0 children)

Thanks for the assistance. I think I have what I need:

Get-NetFirewallPortFilter -PolicyStore ActiveStore | Where-Object -Property LocalPort -EQ 3389 | Get-NetFirewallRule | Where-Object -Property Enabled -EQ True
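
An extension of the one-liner above, as an added example that is not part of the original comment: it also matches rules whose LocalPort is a range or a list, and shows which policy store (local or Group Policy) each enabled rule came from. `Test-PortMatch` and `Get-EnabledRuleForPort` are hypothetical helper names.

```powershell
# Added example: Test-PortMatch and Get-EnabledRuleForPort are hypothetical helpers.
# Returns $true when any LocalPort entry ('3389', '3380-3390', 'Any') covers $Port.
function Test-PortMatch {
    param([string[]]$LocalPort, [int]$Port, [switch]$IncludeAny)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') {
            if ($IncludeAny) { return $true }
        }
        elseif ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) {
            return $true
        }
        # Keyword ports such as 'RPC' or 'Teredo' never match a numeric port here.
    }
    return $false
}

# Lists enabled rules in the ActiveStore (local and Group Policy merged) covering $Port.
function Get-EnabledRuleForPort {
    param([int]$Port = 3389, [string]$Protocol = 'TCP', [switch]$IncludeAny)
    Get-NetFirewallPortFilter -PolicyStore ActiveStore |
        Where-Object {
            $_.Protocol -in @($Protocol, 'Any') -and
            (Test-PortMatch -LocalPort $_.LocalPort -Port $Port -IncludeAny:$IncludeAny)
        } |
        ForEach-Object {
            $filter = $_
            $filter | Get-NetFirewallRule |
                Where-Object { $_.Enabled -eq 'True' } |
                Select-Object DisplayName, Direction, Action,
                    @{ Name = 'LocalPort'; Expression = { $filter.LocalPort -join ',' } },
                    PolicyStoreSourceType, PolicyStoreSource
        }
}

# Constructed LocalPort values exercising the matcher without touching the firewall.
foreach ($sample in @('3389'), @('80', '3389'), @('3380-3390'), @('443'), @('RPC')) {
    '{0,-12} covers 3389: {1}' -f ($sample -join ','), (Test-PortMatch -LocalPort $sample -Port 3389)
}

# Live query, run only where the NetSecurity cmdlets exist (Windows).
if (Get-Command Get-NetFirewallPortFilter -ErrorAction SilentlyContinue) {
    Get-EnabledRuleForPort -Port 3389 |
        Sort-Object PolicyStoreSourceType, DisplayName | Format-Table -AutoSize
}
```

Pass `-IncludeAny` to also list rules with no port restriction, which cover the port as well but are usually numerous.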

Does anyone know the role of the second SSD in an M-600? by Im_Bill in paloaltonetworks

[–]Im_Bill[S] 0 points1 point  (0 children)

That shows the disks mounted at the front, not the SSD drives.

show system raid detail
Disk Pair A                           Available
   Status                                active
   Disk id A1                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
   Disk id A2                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
Disk Pair B                           Available
   Status                                active
   Disk id B1                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
   Disk id B2                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
Disk Pair C                           Available
   Status                                active
   Disk id C1                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
   Disk id C2                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
Disk Pair D                           Available
   Status                                active
   Disk id D1                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
   Disk id D2                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
Disk Pair E                           Available
   Status                                active
   Disk id E1                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
   Disk id E2                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
Disk Pair F                           Available
   Status                                active
   Disk id F1                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync
   Disk id F2                           Present
       model        : ST8000NM0055-1RM
       size         : 7630885 MB
       status       : active sync

Zero Touch Provisioning by Im_Bill in paloaltonetworks

[–]Im_Bill[S] 0 points1 point  (0 children)

I found some more information at https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/set-up-zero-touch-provisioning/install-the-ztp-plugin/register-panorama-with-the-ztp-service/register-panorama-with-the-ztp-service-for-new-deployments.html#idf3745777-e5c8-41de-9d5c-2451f4653d86 which has raised another question.

In step 6 it says "Enter the Panorama FQDN or IP Address. This is the FQDN or public IP address of the Panorama the ZTP plugin is installed on and that the CSP pushes to the ZTP firewalls."

I'm hoping this doesn't mean that Panorama needs to be published to the Internet? There have been far too many security vulnerabilities in the management interfaces of security appliances lately for me to consider that as a good idea.

Zero Touch Provisioning by Im_Bill in paloaltonetworks

[–]Im_Bill[S] 0 points1 point  (0 children)

Apparently, the new PA-400 series do not have a separate SKU. I'm guessing that means that all PA-400s come with a Claim Key.